While British Airways was investigating their September 2018 MageCart breach that at the time affected 380,000 customers, they have discovered that an additional 77,000 customers may have been affected.

"The investigation has shown the hackers may have stolen additional personal data and we are notifying the holders of 77,000 payment cards, not previously notified, that the name, billing address, email address, card payment information, including card number, expiry date and CVV have potentially been compromised, and a further 108,000 without CVV," stated an update on British Airways' site. "The potentially impacted customers were those only making reward bookings between April 21 and July 28, 2018, and who used a payment card."

This announcement further states that they do not have conclusive evidence that the data was accessed and are contacting the potentially affected customers. If customers have not heard from them by October 26th at 17:00 GMT, they do not need to be concerned.

The British Airways breach was caused by attackers adding the malicious MageCart script to a 3rd party JavaScript library called Modernizr that was used by the site. The malicious script was then able to collect submitted credit card details and payment information and have it sent to a remote server under the attackers control.

Hacked Modernizr Library

The ongoing investigation has also concluded that the amount of affected customers is lower than originally reported in September.

"In addition, from the investigation we know that fewer of the customers we originally announced were impacted. Of the 380,000 payment card details announced, 244,000 were affected. Crucially, we have had no verified cases of fraud."

Lawrence Abrams is the creator and owner of BleepingComputer.com. Lawrence's area of expertise includes malware removal and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies.